How to fix EUVD-2026-21097?

Within 24 hours: Inventory all OpenClaw deployments and document current versions in use. Within 7 days: Upgrade all OpenClaw instances to version 2026.3.25 or later; test in a staging environment first to validate subagent session stability. Within 30 days: Audit session termination logs (review /sessions/:sessionKey/kill endpoint access) for the past 90 days to identify unauthorized session kills; implement role-based access control logging if not already present.

Is Openclaw affected by EUVD-2026-21097?

OpenClaw versions before 2026.3.25 contain an authorization bypass that allows any authenticated user to terminate critical subagent sessions intended for administrator control only, creating a denial-of-service risk against production agent workloads.

EUVD-2026-21097

| CVE-2026-34512 HIGH

2026-04-09 VulnCheck

GHSA-h254-pw58-pj8j

7.2

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 09, 2026 - 21:45 vuln.today

EUVD ID Assigned

Apr 09, 2026 - 21:45 euvd

EUVD-2026-21097

Patch Released

Apr 09, 2026 - 21:45 nvd

Patch available

CVE Published

Apr 09, 2026 - 21:26 nvd

HIGH 7.2

Description

OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termination functions without proper scope validation. Attackers can exploit this by sending authenticated requests to kill arbitrary subagent sessions via the killSubagentRunAdmin function, bypassing ownership and operator scope restrictions.

Analysis

Authorization bypass in OpenClaw versions prior to 2026.3.25 enables authenticated users to terminate arbitrary subagent sessions through the /sessions/:sessionKey/kill HTTP endpoint. Exploiting CWE-863 improper authorization, low-privilege authenticated attackers execute admin-level killSubagentRunAdmin functions without ownership or operator scope validation, achieving high integrity and availability impact on targeted sessions. …

Remediation

Within 24 hours: Inventory all OpenClaw deployments and document current versions in use. Within 7 days: Upgrade all OpenClaw instances to version 2026.3.25 or later; test in a staging environment first to validate subagent session stability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

EUVD-2026-21097 vulnerability details – vuln.today

Back

EUVD-2026-21097

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21097

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code